Mail Flow Rules

To support Prevent (Inline) protection mode for policies, Harmony Email & Collaboration creates Mail Flow rules. These rules allow Harmony Email & Collaboration to scan and perform remediation before the email is delivered to the recipient’s mailbox.

Harmony Email & Collaboration creates these Mail Flow rules.

Check Point - Protect Outgoing Rule
Check Point - Protect Rule
Check Point - Whitelist Rule
Check Point - Junk Filter Low Rule
Check Point- Junk Filter Rule

Mail Flow Rules

Note - This is added only if inline policy is enabled for Internal Traffic.

Check Point - Protect Outgoing Rule

When is this rule applied?	What does this rule do?	Exceptions
Email is sent Outside the organization. Email is received from a checkpoint_inline_outgoing@[portal domain] group member.	Routes the email using Check Point DLP Outbound Connector. Sets the message header X-CLOUD-SEC-AV-Info with the [portal],office365_emails,sent,inline value. Stops processing more rules.	Sender IP address belongs to one of the relevant IP addresses for Check Point - Protect Outgoing rule. See IP Addresses for Check Point - Protect Outgoing Rule.

Note - [portal] refers to the unique identifier of your Infinity Portal tenant.

Check Point - Protect Rule

When is this rule applied?	What does this rule do?	Exceptions
Email is received from Outside the organization. Email is sent Inside the organization. Email is sent to checkpoint_inline_incoming@[portal domain] group member.	Routes the email using Check Point Outbound Connector. Sets the message header X-CLOUD-SEC-AV-Info with the [portal],office365_emails,inline value. Stops processing more rules.	Sender IP address belongs to one of the relevant IP addresses for the Check Point - Protect rule. See IP Addresses for Check Point - Protect Rule.

Notes - [portal] refers to the unique identifier of your Infinity Portal tenant.

Check Point - Whitelist Rule

When is this rule applied?	What does this rule do?	Exceptions
Sender IP address belongs to one of the relevant IP addresses for the Check Point - Whitelist rule. See IP Addresses for Check Point - Whitelist Rule.	Sets the Spam Confidence Level (SCL) to -1.	If the message header X-CLOUD-SEC-AV-SCL matches the following patterns: true.

Check Point - Junk Filter Low Rule

This rule is used to mark Microsoft that the email was detected as spam by Check Point and should be delivered to the Junk folder.

When is this rule applied?	What does this rule do?
Sender IP address belongs to one of the relevant IP addresses for the Check Point - Junk Filter Low rule. See IP Addresses for Check Point - Junk Filter Low Rule. X-CLOUD-SEC-AV-SPAM-LOW header matches the following patterns: true	Sets the Spam Confidence Level (SCL) to 6.

Check Point- Junk Filter Rule

This rule is used to mark Microsoft that the email was detected as spam by Check Point and should be delivered to the Junk folder.

When is this rule applied?	What does this rule do?
Sender IP address belongs to one of the relevant IP addresses for the Check Point - Junk Filter rule. See IP Addresses for Check Point - Junk Filter Rule. X-CLOUD-SEC-AV-SPAM-HIGH header matches the following patterns: true	Sets the Spam Confidence Level (SCL) to 9.